Hi there, I just have a question about the proxy management point role. (I have read the definition of the Proxy Management Role here: http://technet.microsoft.com/en-us/library/bb693472.aspx) (...and the SCCM Firewall Port Requirements here: http://technet.microsoft.com/en-us/library/bb632618.aspx) #1) Does adding the management point role to a secondary site make it a "proxy management point"? (Or is there some other requirement that needs to be met?) #2) What would happen in the following scenario? In AD there is a site named CompanyHQ which comprises of 2 subnets (lets call them Subnet A and Subnet B). During the configuration of the SCCM Primary site (lets call the server SCCM1 located in Subnet A), it is configured to use a Boundary using the AD site named CompanyHQ. So this means that all SCCM client PC's from Subnet A and Subnet B will report to server SCCM1. Now if I install a secondary site in Subnet B (lets call it SCCM2), then how will the SCCM clients in Subnet B know to use SCCM2 to send their inventory data to? I cannot see anything in the AD System Management container or any prompts during the Secondary Site installation wizard that seems to tie a new secondary site with subnet B. #3) To expand on the above, if there is a firewall between SCCM1 and SCCM2, and SCCM2 is made a proxy management point then does that mean that only ports 445 (SMB) and 1433 (SQL) need to opened for the SCCM infrastructure to function? i.e. SCCM clients in Subnet B send ALL SCCM related data to SCCM2 (Proxy MP). SCCM2 then communicates with SCCM1 via TCP Port 445 and with SCCM SQL DB Server on TCP Port 1433? If I have created confusion in my post please let me know and Thanks in advance!

Hi, 1) A MP in a secondary site is automatically a Proxy MP 2) Each site must have a unique set of boundaries. For SCCM2 you should assign Subnet B and make sure it is not also added to SCCM1. When you install the secondary server, the site component manager will try to update information in the system management container. Make sure that the secondary server has full control to all objects and child objects in the system management container. 3) For ports, refer to this article (it depends on several other factors like site roles etc) - http://technet.microsoft.com/en-us/library/bb632618.aspx Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Hi Kent thanks for the reply. #1) Excellent - that clears that one up quite easily. #2) Does this mean that if SCCM1 was previously configured to use an Active Directory site to define the boundary (and that AD site contained Subnet A and Subnet B), then you would have to change the way the Boundary is defined for SCCM1 first? - i.e. from AD site boundary to IP Subnet Boundary? And then for SCCM2, define another Boundary consisting of Subnet2? #3) That URL is one I already read (stated at the top of my first post) - however it does not specifically say that deploying a Proxy MP would allow SCCM clients to send all SCCM related data thru via the ProxyMP - )thereby meaning only the firewall ports for site <-> site communication need to be opened).

Hi 2) Yes you need to redefine the boundaries otherwise you will have overlapping boundaries which is not supported. 3) Clients wil still need to contact their default Management point at the primary site for policy download - http://technet.microsoft.com/en-us/library/bb693472.aspxKent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Ok one more point that needs a little clarification. According to Microsoft: #1) Secondary sites do not talk to a SCCM database directly. SCCM Secondary sites data is sent up the hierarchy to the SCCM primary site which then accesses to the SCCM Site database. #2) If a secondary site is made a proxy management point, then according to MS firewall port guidelines (http://technet.microsoft.com/en-us/library/bb632618.aspx), then this secondary site does communicate with the SQL server. (In link above see Point 22 - Management Point > SQL Server requires TCP Port 1433 to be opened) So the question is: If a secondary site is made a proxy management point, then does it or does it not commnicate with the SCCM Site database server ? (Very confused here) Thanks!

Hi, Yes a Management Point requires access to the SQL server.Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Hello, sorry to dig out this old post. But i ran into the issue when installing a proxy management point on my secondary site. Why does the Proxy MP have to communicate with the SQL Server? I thought the proxy MP sends all its information to the primary site and ONLY the primary site communicates with the SQL server? Is there any option to handle a proxy MP like this? Thanks for an answer Philipp